Gateway Device Security Best Common Practices CL-GL-GDS-BCP-V01-211007
10/07/21 CableLabs
2 REFERENCES
2.1 Informative References
The following references include documents/links to standards in different regions, including the European Union
and North America, in order to align requirements within this document with these references.
[2021 CWE 25] 2020 Common Weakness Enumeration (CWE™) Top 25 Most Dangerous Software Weaknesses,
https://cwe.mitre.org/top25/archive/2021/2021_cwe_top25.html
[BCMO] NIST Special Publication 800-38A, Recommendation for Block Cipher Modes of Operation,
https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38a.pdf
[BCMO-CCM] NIST Special Publication 800-38C, Recommendation for Block Cipher Modes of Operation: The CCM
Mode for Authentication and Confidentiality,
https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38c.pdf
[BCMO-GCM] NIST Special Publication 800-38D, Recommendation for Block Cipher Modes of Operation: Galois/Counter
Mode (GCM) and GMAC, https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38d.pdf
[BCMO-XTS-AES] NIST Special Publication 800-38E, Recommendation for Block Cipher Modes of Operation: The XTS-AES
Mode for Confidentiality on Storage Devices,
https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38e.pdf
[BCMO-Key Wrap] NIST Special Publication 800-38F, Recommendation for Block Cipher Modes of Operation: Methods for
Key Wrapping, https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38f.pdf
[CA SB-327] California SB-327 Information privacy: connected devices, 2018,
https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=201720180SB327
[CVSS v3.1] Common Vulnerability Scoring System v3.1, https://www.first.org/cvss/v3.1/specification-document
[CycloneDX] OWASP CycloneDX SBOM, https://cyclonedx.org/specification/
[FIPS 140-3] NIST FIPS 140-3, Security Requirements for Cryptographic Modules, March 2019,
https://csrc.nist.gov/publications/detail/fips/140/3/final
[FIPS 180-4] NIST FIPS 180-4, Secure Hash Standard, August 2015,
https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf
[IEEE 1588-2019] IEEE Standard for a Precision Clock Synchronization Protocol for Networked Measurement and Control
Systems, (Precision Time Protocol), https://standards.ieee.org/standard/1588-2019.html
[NIST 800-56A] NIST Special Publication 800-56A Revision 3, Recommendation for Pair-Wise Key Establishment
Schemes Using Discrete Logarithm Cryptography,
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Ar3.pdf
[NIST 800-56B] NIST Special Publication 800-56B Revision 2, Recommendation for Pair-Wise Key Establishment Using
Integer Factorization Cryptography,
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Br2.pdf
[NIST 800-56C] NIST Special Publication 800-56C, Recommendation for Key-Derivation Methods in Key-Establishment
Schemes, https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Cr2.pdf
[NIST 800-63-3] NIST Special Publication 800-63 Revision 3, Digital Identity Guidelines,
https://pages.nist.gov/800-63-3/sp800-63-3.html
[NIST 800-63B] NIST Special Publication 800-63B, Digital Identity Guidelines – Authentication and Lifecycle Management,
https://pages.nist.gov/800-63-3/sp800-63b.html
[NIST 800-88r1] NIST Special Publication 800-88r1, Guidelines for Media Sanitization,
http://dx.doi.org/10.6028/NIST.SP.800-88r1
[NIST 800-133] NIST Special Publication 800-133 Revision 2, Recommendation for Cryptographic Key Generation,
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-133r2.pdf
NISTIR 8259A, IoT Device Cybersecurity Capability Core Baseline, https://doi.org/10.6028/NIST.IR.8259A
[OWASP] Open Web Application Security Project® (OWASP®), https://owasp.org/